Releases: CakeDC/users
Releases · CakeDC/users
Release list
16.0.4
What's Changed
- Fix timing-safe comparison for social account token validation using
hash_equals()(#1179) - Reject empty/partial tokens explicitly in
SocialAccountBehavior::validateAccount()(#1179) - Fix
UsersFixturemissingtableAliascausing incorrect Table class resolution foradditional_datajson type (#1179) - Fix
schema.phpdiscrepancies against migrations:users.activedefault,users.secretlength,users.secret_verifieddefault,social_accounts.avatartype,social_accounts.linktype and nullability (#1179)
16.0.3
What's Changed
- Fix type-hint finders with
Cake\ORM\Query\SelectQueryfor Cake 5 compatibility (#1180) - Fix redundant null-coalescing on always-set array offsets in
SocialBehavior(PHPStan) (#1181) - Fix
ReCaptcha\Responsemock incompatibility with PHP 8.4+ readonly classes (#1181) - Fix correct config keys and hardcoded threshold in
OneTimeLoginLinkBehavior(#1178) - Fix clear activation token after email activation (#1177)
- Use cryptographically secure random bytes in
RandomStringTrait(#1176) - Fix authenticator check before issuing password rehash warning (#1174)
New Contributors
16.0.2
What's Changed
- Feature/gb 1170 by @arodu in #1171
- adjust migrations to use new BaseMigration class by @LordSimal in #1172
- fix deprecations by @LordSimal in #1173
Full Changelog: 16.0.1...16.0.2